Free guide to data backup and disaster recovery
Ensuring you have backups of your data – and an effective disaster recovery plan – are crucial to business continuity.
Business continuity refers to the procedures required to ensure your mission-critical business functions can continue to operate during and after a disaster. It means being able to restore data that would have otherwise been lost.
Data loss can prove extremely costly, not only in terms of business continuity and productivity but also reputational damage. There is also the potential of costly legal action as a result of a security breach.
Over 33% of lost data is, or includes, customer information and financial information
Data loss typically has permanent consequences. A study carried out by the British Chambers of Commerce found that 93% of businesses that suffer data loss for more than ten days file for bankruptcy within one year, 50% immediately.
As we discussed in our last article ‘Optimising and securing remote work in your business’, the move to remote working during lockdown (and the seemingly inevitable increase of remote workers in the future) means increased risks for most businesses.
However, there are steps you can take to mitigate all of this risk. And by thinking about your business continuity now, you’re taking the first step to preventing data loss in your business in the future.
In this article, we will:
- look the most common threats and disasters we face today
- explain what disaster recovery is and how to create a disaster recovery plan
- go into detail about data backups and how to create an effective backup strategy
- briefly cover why you need monitoring and alerts too
- provide a free downloadable business continuity checklist
Threats and disasters
Here are some of the most common and very real threats and disasters that can affect any business:
Malware is malicious software, which can cause harm in many ways, including:
- causing a device to become locked or unusable
- stealing, deleting or encrypting data
- taking control of your devices to attack other organisations
- obtaining credentials which allow access to your organisation’s systems or services that you use
- use your device for mining cryptocurrency
- using services that may cost you money (for example, premium rate phone calls)
Ransomware is a type of malware that prevents you from accessing your computer (or the data that it’s stored on it). The computer itself may become locked, or the data on it might be stolen, deleted or encrypted.
Viruses are programs which can self-replicate and are designed to infect legitimate software programs or systems.
Storms, fires, and floods can all do irreparable damage to your business. Around 80% of companies that close completely due to natural disasters for more than five days never reopen, so getting back on your feet is crucial in the event of a natural disaster.
Due to global climate change, natural disasters, floods, and earthquakes have increased and intensified over recent years. This has cost the global economy around £2 trillion since 2000.
Hardware or system failure
Whether from a power surge or other cause, if your hardware fails, it can take all your data with it. Using a cloud-based or off-site storage provides additional protection, as it is unlikely both locations will be struck simultaneously.
Software malfunction or corruption
The 2016 Cyber Resilience Report found that 66% of companies in 61 countries experienced at least one cyber incident in the last year. These are generally caused by phishing, social engineering, malware and out-of-date software.
Power outages can happen suddenly and without warning. If workstations are in the middle of a process, that process will not be completed. This can cause damage to both software and hardware. You can then lose unsaved data and files could be corrupted. If power is turned off at the exact wrong moment, your computer could be rendered unsalvageable.
Thefts from businesses are often opportunistic, but they can be targeted too. Your offices could be broken into, and you could have hardware stolen. Thieves are also likely to target laptop computers and mobile devices outside the office (for example, on public transport, in coffee shops, and so on).
One of the most common causes of disasters is unintentional human error. The most basic operator errors can wipe out years of data. Forgetting to save changes, accidentally deleting an important document, or flipping the wrong switch could lead to a significant loss for your company.
If a disaster can’t be avoided, the next best thing is getting your business back up and running as quickly as possible.
Disaster recovery refers to the process of replicating and restoring your computing environment – data, systems, networks, and applications, allowing your business to operate as usual.
Data can be retrieved from a backup if your systems are in working order. But if a server fails, for example, and takes your IT environment down with it, then there is nothing to recover your data to. Getting your systems back up and running would require the purchase of a new server, reinstatement of the operating system and finally recovery of your data. This could take up to a week, raising the following important question; how long could your business be down for?
Creating your disaster recovery plan
A disaster recovery plan allows you to document and execute a pre-planned list of actions to backup and restore data without any data loss. It encompasses everything you need to mitigate data loss completely in your business. It ensures everyone is on the same page and knows what’s happening.
Businesses with a disaster recovery plan report increased savings, enhanced system reliability, and improved security, even without a disaster.
Naturally, this plan will be different for everyone and customised to meet your exact needs and situation. For example, an ecommerce business will lose money for every minute their website is down but an accountancy firm won’t be affected as severely.
Here are four things you must include in your disaster recovery plan and process to ensure business continuity:
1. Know your threats
Ensure your disaster recovery plan is effective against all, or at least the most likely or most significant threats. It must factor in multiple causes to be effective against data loss.
2. Know your assets
Make a list of all the assets that are important for the day-to-day operations of your business. In terms of IT, this includes network equipment, servers, workstations, software, cloud services, mobile devices, and more.
Then prioritise that list:
- Critical assets your business cannot operate without, for example, an email server
- Important assets that can seriously disrupt your regular business activity like cloud storage
- Other assets that won’t have a significant effect on your business such as an internal communication tool (assuming alternatives like email and text messaging are still available, of course)
3. Replicate your data
Every disaster recovery plan needs to cover how data will be replicated. Many businesses schedule periodic data backups. However, for disaster recovery purposes, we recommend you continuously replicate data to another system like a backup device within your own data centre or secondary server, a remote data centre, or reliable, low-latency cloud storage.
These decisions will be part of your backup strategy. We’ll cover this in the next section.
4. Test a full restore
Testing your disaster recovery process means undertaking a full system restore, including applications and operating systems, to ensure your backup and recovery process is viable. Without this step, you take the risk that your process is untested and may not stand up to a real disaster.
Creating a backup strategy
Backups are complicated, and without a strategy, they can fail you when you need them most.
According to research by Beaming, nearly 4 million businesses in the UK put their very existence in danger by having inadequate backup strategies – and a staggering 700,000+ businesses have no strategy at all.
A solid backup strategy will cover the following:
Backup solutions and tools
While it is possible to back up data manually, to ensure systems are backed up regularly and consistently, most organisations use a technology solution to back up their data.
Designate someone to be responsible specifically for backups. They should ensure backup systems are set up correctly, test them periodically and ensure that critical data is actually backed up.
Backup scope and schedule
Specify what files and systems are important enough to be backed up, and how frequently that data should be backed up.
You need to protect your business data no matter where it lives, including files and applications on local servers, end-user endpoints, and in SaaS applications. For some businesses, their entire business infrastructure must be backed up and available to restore.
How regularly you take backups depends on what type of data you need to back up, the size of that data and how often it changes.
Regular backups provide more ‘recovery points’ (more data storage and network resources) but ensure your data remains up to date.
How long you need to store your data for depends on the data itself. Some things you will store are only useful in the short-term (like meeting notes or monthly marketing plans). Some have significant long-term value (like financial records or proprietory code for an application).
Your strategy should ensure you have a comprehensive backup solution with flexible retention options to ensure your data is stored for as long as required. That way, you’re not paying to store data that you won’t need to restore.
Recovery Point Objective (RPO)
Your Recovery Point Objective (RPO) is the amount of data you are willing to lose if a disaster occurs. It is determined by the frequency of backups. For example, if systems are backed up twice per day, the RPO is 12 hours. The lower the RPO, the more data storage and network resources are required to achieve frequent backups.
Recovery Time Objective (RTO)
Your Recovery Time Objective (RTO) is the time it takes for you to restore data or systems from backup and resume normal operations. For large data volumes or backups stored off-premises, copying data and restoring systems can take time, and robust technical solutions are needed to ensure a low RTO.
Storing your data
How you store your backups will depend on the size and sensitivity of your data.
Data backup options
- Removable media: The simplest, cheapest option is to backup files on removable media such as DVDs or USB flash drives. Practical for small amounts of data but requires transport to another location otherwise the data may be lost in a disaster. Low security so not suitable for sensitive data.
- External hard drive: A high-volume external hard drive on your network using archive software to save changes to local files. Enables file restoration in minutes but usually a single external hard drive isn’t enough, and the hard drives must be connected to the local network. Low security so not suitable for sensitive data either.
Redundancy: an additional hard drive that is a replica of a sensitive system’s drive at a specific point in time, or an entire redundant system. For example, another email server that is on standby, backing up your primary email server. Can be complex to manage and requires frequent replication.
- Hardware appliances: Backup appliances come with large storage capacity and pre-integrated backup software. You install backup agents on the systems you need to back up, define your backup schedule and policy, and the data starts streaming to the backup device. Must be isolated from your local network securely and, ideally, locations on a remote site.
- Backup software: Software backup solutions allow you to define the systems and data you’d like to back up, allocate backups to the storage device of your choice, and automatically manage the backup process. They can be complex to deploy and configure but offer greater flexibility than hardware appliances.
- Cloud backup services: Backup as a Service (BaaS) and Disaster Recovery as a Service (DRaaS) solutions let you push local data to a public or private cloud and in case of disaster, recover data from the cloud. These solutions are easy to use and benefit from the fact that the data is saved securely in a remote location. Ensure compliance with relevant regulations and standards. Look for end-to-end 256-bit AES encryption for every backup.
3-2-1 backup strategy
We recommend a strategy that combines multiple storage locations to ensure your data is adequately duplicated and reliably recoverable, with three copies of your data replicated on at least two different storage media and at least one copy stored remotely. This is known as a 3-2-1 backup strategy.
This strategy protects against both accidents and malicious threats like ransomware and ensures reliable data backup and restoration.
You need to be able to recover your data, servers or desktops as fast as possible.
We recommend a cloud-based system that can restore from the cloud to a virtual environment in seconds, helping you get back to normal business operations rapidly. Restores can target individual files or an entire system, and your data can be restored from any point in time.
Testing your backups
Knowing that your backups are tested and validated gives you peace of mind, knowing you can recover the information that’s vital for your business should the worst-case scenario become a reality.
Without proper testing and validation, how will you know that you can depend on your backups when you need them most? Will your systems boot successfully? Will all of your data be recoverable?
We recommend implementing a backup system that automatically verifies that backups will boot with all data intact. Not only will this remove the possibility of human error when validating backups manually, but it will give you 100% confidence in your backups and ability to restore your data.
Monitoring and alerts
No-one wants to be in a position where they need to use a backup – it’s the last line of defence against data loss and downtime in a business. You need to know there’s a potential problem before it becomes an actual problem. Setting up active, targeted monitoring on your servers allows you to do just that.
Proactive 24/7 monitoring, reporting and alerting deliver real-time information that helps you react fast to any problems with your critical services, servers, and firewalls.
You also need to know that backups have happened successfully and what has been backed up. Choose a backup solution that provides email alerts and reports on the status of all backups, and notifies you of any failed attempts.
Look for monitoring and alerts as part of a Managed IT support package that provides complete management and monitoring of all your workstations, servers, and mobile devices.
Free Business Continuity checklist
Download our handy, sharable PDF checklist that lists all the action points that will help your business successfully implement secure, reliable data backups and a comprehensive disaster recovery plan.
Need expert data backup and recovery support?
If you need expert support creating and implementing a data backup and disaster recovery strategy, or any of the moving parts within that strategy, we’re here to help. We have decades of experience helping businesses and organisations of all shapes and sizes ensure their data is safe and secure using the latest Datto technology.
We know that when it comes to your critical business functions that continuity is everything. You need a bullet-proof backup and recovery solution for when the worst-case scenario becomes a challenging reality.
Our Disaster Recovery service ensures you recover from significant issues rapidly and without data loss, helping you get back to business as usual with minimal downtime. Combine with our Managed IT support service and get complete monitoring and alert coverage too, all from a single supplier at a cost-effective monthly payment.